Deep packet inspection (DPI) is a form of computer network packet filtering that examines a data part of a passing-through packet to search for non-protocol compliance of predefined criteria to decide if the packet can pass through a network. This is in contrast to shallow packet inspection (usually called, just packet inspection) that just checks the header portion of a packet.
DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures. The DPI identifies and classifies the traffic based on a signature database and allows a user to perform several functions. A classified packet can be redirected, marked/tagged, blocked, rate limited, and reported to a reporting agent in the network. Some DPI devices also perform the ability to identify flows rather than a packet by packet analysis.
DPI allows service providers to readily know the packets of information that are being received online associated with e-mail, websites, music sharing, video and software downloads in the same or similar manner as a network analysis tool. Up-to-this point in time, DPI has been used for security purposes so that a service provider can identify the applications that are using network resources and take action if an undesired application is present. For example, a service provider may wish to prevent a customer from using peer-to-peer file sharing applications.